Closed Bug 1772047 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 34272 - [WPT] Do not allow hash method mismatch in comsuming preloads

Categories

(Core :: DOM: Core & HTML, task, P4)

Product:
Core
Component:
DOM: Core & HTML
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
103 Branch
Tracking Flags:
Tracking Status
firefox103 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 34272 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/34272
Details from upstream follow.

Hiroshige Hayashizaki <hiroshige@chromium.org> wrote:

[WPT] Do not allow hash method mismatch in comsuming preloads

Bug: https://github.com/whatwg/html/issues/7973
Change-Id: I1bbe327080a83bcd74f46f64668cf73490ef6d7c
Reviewed-on: https://chromium-review.googlesource.com/3681845
WPT-Export-Revision: 42e57b7f22b149ac1e5e86c6a915bfe5e122a0eb

Component: web-platform-tests → DOM: Core & HTML
Product: Testing → Core

CI Results

Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 1 tests and 77 subtests

Status Summary

Firefox

OK : 1
PASS: 52
FAIL: 25

Chrome

OK : 1
PASS: 71
FAIL: 6

Safari

OK : 1
PASS: 40
FAIL: 37

Links

GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

  • /preload/subresource-integrity.html [wpt.fyi]
    • Same-origin script with incorrect hash.: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin script with sha256 match, sha512 mismatch: FAIL (Chrome: PASS, Safari: FAIL)
    • <crossorigin='anonymous'> script with incorrect hash, ACAO: *: FAIL (Chrome: PASS, Safari: FAIL)
    • <crossorigin='use-credentials'> script with incorrect hash CORS-eligible: FAIL (Chrome: PASS, Safari: FAIL)
    • <crossorigin='anonymous'> script with CORS-ineligible resource: FAIL (Chrome: PASS, Safari: FAIL)
    • Cross-origin script, not CORS request, with correct hash: FAIL (Chrome: PASS, Safari: FAIL)
    • Cross-origin script, not CORS request, with hash mismatch: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin script with matching digest does not reuse preload with matching but stronger digest.: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin script with wrong digest does not reuse preload with correct and stronger digest.: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin style with incorrect hash.: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin style with sha256 match, sha512 mismatch: FAIL (Chrome: PASS, Safari: FAIL)
    • <crossorigin='anonymous'> style with incorrect hash, ACAO: *: FAIL (Chrome: PASS, Safari: FAIL)
    • <crossorigin='use-credentials'> style with incorrect hash CORS-eligible: FAIL (Chrome: PASS, Safari: FAIL)
    • <crossorigin='anonymous'> style with CORS-ineligible resource: FAIL (Chrome: PASS, Safari: FAIL)
    • Cross-origin style, not CORS request, with correct hash: FAIL (Chrome: PASS, Safari: FAIL)
    • Cross-origin style, not CORS request, with hash mismatch: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin style with matching digest does not reuse preload with matching but stronger digest.: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin style with wrong digest does not reuse preload with correct and stronger digest.: FAIL (Chrome: PASS, Safari: FAIL)
    • Same-origin image with incorrect hash.: FAIL (Chrome: FAIL, Safari: FAIL)
    • Same-origin image with sha256 match, sha512 mismatch: FAIL (Chrome: FAIL, Safari: FAIL)
    • <crossorigin='anonymous'> image with incorrect hash, ACAO: *: FAIL (Chrome: FAIL, Safari: FAIL)
    • <crossorigin='use-credentials'> image with incorrect hash CORS-eligible: FAIL (Chrome: FAIL, Safari: FAIL)
    • <crossorigin='anonymous'> image with CORS-ineligible resource: FAIL (Chrome: PASS, Safari: FAIL)
    • Cross-origin image, not CORS request, with correct hash: FAIL (Chrome: FAIL, Safari: FAIL)
    • Cross-origin image, not CORS request, with hash mismatch: FAIL (Chrome: FAIL, Safari: FAIL)
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3fdb08b10986 [wpt PR 34272] - [WPT] Do not allow hash method mismatch in consuming preloads, a=testonly https://hg.mozilla.org/integration/autoland/rev/bb9e565ec115 [wpt PR 34272] - Update wpt metadata, a=testonly

https://hg.mozilla.org/mozilla-central/rev/3fdb08b10986
https://hg.mozilla.org/mozilla-central/rev/bb9e565ec115

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox103: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 103 Branch
You need to log in before you can comment on or make changes to this bug.